add metrics & encrypt

2023-09-02 17:50:06 +02:00
parent a0cc73a7e9
commit 9a13ade068
2 changed files with 51 additions and 4 deletions

View File

@ -355,6 +355,28 @@ Will print the SSH config access after cluster creation.
{{</ tab >}}
{{</ tabs >}}
#### ETCD and network encryption by default
You may need to enable etcd and network encryption in order to preventing any data leak in case of a server is compromised. You can easily do so by adding the following variables:
{{< highlight host="demo-kube-hcloud" file="kube.tf" >}}
```tf
module "hcloud_kube" {
//...
enable_wireguard = true
control_planes_custom_config = {
secrets-encryption = true,
}
//...
}
```
{{< /highlight >}}
#### Inputs
As input variables, you have the choice to use environment variables or separated `terraform.tfvars` file.
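Review bot: The new heading says encryption is "by default", but the paragraph under it says "You may need to enable" it and the snippet sets `enable_wireguard = true` and `secrets-encryption = true` explicitly, so a reader cannot tell whether these are defaults or opt-in settings; rename the heading (for example "ETCD and network encryption") or state what the defaults are. The sentence also speaks of "etcd encryption" while the flag is named `secrets-encryption`, so say which data is actually encrypted at rest. The grammar in "in order to preventing any data leak in case of a server is compromised" needs fixing, for example "to prevent data leaks if a server is compromised".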

View File

@ -436,10 +436,6 @@ If you go to `https://grafana.kube.rocks/dashboards`, you should see a many dash
* Prometheus and Grafana itself stats
* Flux stats
{{< alert >}}
Some other core components like etcd, scheduler, proxy, and controller manager need to have metrics enabled to be scraped. See K3s docs or [this issue](https://github.com/k3s-io/k3s/issues/3619)
{{< /alert >}}
#### Prometheus
[![Prometheus](dashboards-prometheus.png)](dashboards-prometheus.png)
@ -498,6 +494,35 @@ You can easily import some additional dashboards by importing them from Grafana
[![Redis](dashboards-redis.png)](dashboards-redis.png)
#### Other core components
Some other core components like etcd, scheduler, proxy, and controller manager need to have metrics enabled to be scraped. See K3s docs or [this issue](https://github.com/k3s-io/k3s/issues/3619).
From Terraform Hcloud project, use `control_planes_custom_config` for expose all remaining metrics endpoint:
{{< highlight host="demo-kube-hcloud" file="kube.tf" >}}
```tf
module "hcloud_kube" {
//...
control_planes_custom_config = {
etcd-expose-metrics = true,
kube-scheduler-arg = "bind-address=0.0.0.0",
kube-controller-manager-arg = "bind-address=0.0.0.0",
kube-proxy-arg = "metrics-bind-address=0.0.0.0",
}
//...
}
```
{{< /highlight >}}
{{< alert >}}
As above config applies only at cluster initialization, you may change directly `/etc/rancher/k3s/config.yaml` instead and restart K3s server.
{{< /alert >}}
## Logging
Last but not least, we need to add a logging stack. The most popular one is [Elastic Stack](https://www.elastic.co/elastic-stack), but it's very resource intensive. A more lightweight option is to use [Loki](https://grafana.com/oss/loki/), also part of Grafana Labs.
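Review bot: In the added `control_planes_custom_config` block, `bind-address=0.0.0.0` and `metrics-bind-address=0.0.0.0` make the scheduler, controller manager and kube-proxy listen on every interface of the node, and the text gives no guidance on who can reach those ports; add a sentence on restricting them to the Prometheus scraper (firewall rule or private network only), or bind to the node's private address if the scrape setup allows it. The alert says an existing cluster needs `/etc/rancher/k3s/config.yaml` edited directly, so it would help to show the equivalent keys for that file next to the Terraform snippet. "for expose all remaining metrics endpoint" should read "to expose all remaining metrics endpoints".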